Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. The United States and China are believed to be the most likely countries to conduct a cyberattack against the critical infrastructure of another nation, according to the respondents. Companies and agencies operating in the banking and finance sectors, energy and natural resources, telecommunications and internet service providers, transportation and mass transit, chemical production and storage, food distribution and government services are considered critical infrastructure companies. The attacks that are occurring include massive denial of service attacks, stealthy efforts to penetrate networks undetected, DNS poisoning, SQL injection attacks and malware infections. Among the more serious findings in the report is that some of the most sensitive critical infrastructure entities around the world, such as those for energy and natural-resource industries (such as water and sewage plants), are some of the least secure. About 55 percent of respondents in the energy and power and the oil and gas sectors reported that the attackers most often targeted the SCADA or other operational control systems, although the survey offers no indication of how successful these attacks were. The survey involved 600 IT and security executives in critical infrastructure industries in 14 countries, including financial, transportation and mass transit, energy and natural resources, telecoms and ISPs. The report is believed to be the first of its kind to examine the security of critical infrastructures around the world, although it has a number of shortcomings that the coordinators don’t address.
For example, the report indicates that large-scale DDoS attacks had a particularly severe effect in the energy and power and water and sewage sectors, but doesn’t elaborate on what consequences were suffered as a result of these attacks.
About 75 percent of executives in China believe foreign governments have been involved in cyberattacks against critical infrastructure in that country, while 60 percent in the U.S.
In a conference call, the organizers of the survey acknowledged that respondents who indicated that foreign-nation states were behind attacks were not asked how they knew attacks against them came from nation states. More than half of executives surveyed (54 percent) said they suffered large-scale DDoS attacks and stealthy infiltration attacks by high level adversaries, such as organized crime, terrorists or nation-state actors. Nearly 30 percent of those surveyed reported suffering large-scale DDoS attacks multiple times each month, with about 64 percent saying the attacks impacted their operations in some way, such as interfering with website operations, e-mail servers or phone systems.
The most common target in such attacks was financial information, with a little more than half reporting that this was the aim of intruders.


With regard to securing against attack, critical infrastructure entities in China have the highest rate of adopting strong security measures such as encryption, user authentication and strict security polices. The adoption of strong security measures, however, didn’t necessarily translate to better protection from high-level attacks. Energy infrastructure (EI) attacks in Yemen have been going on for awhile now, escalating since 2011 when Ali Abdullah Saleh stepped down.
The ICS-CERT issued a new Monitor report that revealed a surge of brute force attacks against control systems mainly belonging to the energy sector. Lila Kee, North American Energy Standards Board member highlighted the fact that ICS-CERT report is the demonstration of the concrete risk of cyber attacks against critical infrastructures and in particular against the energy sector.
The fact that the attempts were failed should not make us feel safe, the situation is critical and the level of alert must be high, cyber security of critical infrastructures is a must for any government like reinforced by this report.
To deal with spear-phishing firms must develop a security training program that will prepare the employees for the possible vector attacks and the main social engineering techniques. The FARC, which began in 1964 as a peasant movement, wants President Juan Manuel Santos to agree to a bilateral ceasefire, and analysts reckon the latest attacks are aimed at angering Colombians so they pressure him to call a truce. ICS-CERT posted an alert on the US-CERT secure portal (Control Systems Center), containing 10 IP addresses, to warn other critical infrastructure asset owners, especially in the natural gas industry, to watch for similar activity. Kee confirmed the need to rapidly report that incidents and share data on attacks to prevent further damage.
AQAP targets Yemen’s oil and gas infrastructure in protest of drone strikes and as a way to impact government revenue and credibility. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states. The aims of the attacks vary from shutting down services or operations to theft of services and data or extortion attempts.
The organizers said the respondents were likely basing their responses simply on perceptions gained from news reports rather than firsthand knowledge of the source of attacks.


The least common target was password and login information, which was targeted in only 21 percent of attacks. The AFP reported 2 attacks: On 29 April an armed group bombed power lines in Marib province which shut down electricity for the entire province.
Analyzing the sectors hit by the cyber attacks it is possible to note that 53% (111) of the offensives targeted control systems in Energy sector followed by Critical Manufacturing Industry at 17% (32). In this scenario we will expect that the number of attacks will increase also in the next years, however the increased level of awareness and the high interest in the matter could avoid serious consequences. He has so far refused and has condemned the attacks as irrational and having no explanation.
That alert elicited additional reports from critical infrastructure owners who, using the indicators in the alert, had discovered similar brute force attempts to compromise their networks. Overall, on average EI attacks in Yemen are occurring at a rate of every 14 days (on average).
According the ICS-CERT the victims were targeted by mostly by watering hole attacks, SQL injection, and spear phishing. Colombia's FARC rebels shot dead three police officers on Thursday and brought down an energy pylon, cutting off power to half a million people in the country's south, the military said, as the Marxist group stepped up attacks amid stumbling peace talks.
In other words the meaning of the infrastructure was not simply something that served the extraction, production and transport needs of the hydrocarbon sector but for local tribesman it was a form of power-sharing and access to such infrastructure was seen as a form of communication.
ICS-CERT reported an increase of brute force attacks against a gas compressor station owner, the attack campaign fortunately didn’t result in any actual breaches.
The ICS-CERT issued an official alert on its secure portal about the attacks against the gas compressor plant providing also the 10 IP addresses being used in the offensives.



Safety tips for tornadoes and hurricanes
How to prepare for hurricanes and tornadoes
What is the core function of risk assessment process
Tornado protection helmets


Comments

  1. 11.04.2015 at 14:43:34


    Lot more likely to get your EMF meter from if it can regard.

    Author: QaQaW_ZaGuLbA
  2. 11.04.2015 at 12:24:25


    From a hardware retailer if you you have been squeezing into a hiding.

    Author: Odinokiy_Princ
  3. 11.04.2015 at 15:12:10


    Bleach readily that you may possibly uncover your household.

    Author: DeLi
  4. 11.04.2015 at 16:32:55


    Food things for a couple of power and can self opening doors.

    Author: pakito